CVE-2026-35718

Sažetak

A path traversal vulnerability in the /admin/downloadMedias.cgi endpoint of VIVOTEK INC FD8136-VVTK firmware 0300a allows authenticated attackers to read any file on the device via sending a crafted request.

Reference

http://vivotek.com
https://github.com/xchg-rax-rax/vulnerability-research/tree/main/CVE-2026-35718

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

02-06-2026 - 17:20

Objavljeno

02-06-2026 - 16:16